package com.qianfeng.freeshiro.util;

import com.qianfeng.freeshiro.entity.Users;
import com.qianfeng.freeshiro.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.stereotype.Component;
import org.apache.shiro.session.Session;

import javax.annotation.Resource;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

/**
 * 提供数据
 *
 */
@Component
public class MyBatisRealm extends AuthorizingRealm{

	@Resource
	private UserService userService;

	@Override
	public String getName() {
		return "MyBatisRealm";
	}

	/**
	 * 用来查询用户的角色和权限
	 * 此方法的执行条件：
	 *  对权限或者角色进行校验的时候，会主动触发此方法的执行
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		System.out.println("-------------------->");
		Iterator<String> it = principals.iterator();
		Object obj = it.next();
		System.out.println("========" + obj.getClass().getName());
		Users user = (Users)obj;
		System.out.println("======" + user.getName());
//		List<String> roles = userService.findRoleCodeByUserId(user.getId());
//		if (roles == null){
//			return null;
//		}
//		Set<String> permsSet = new HashSet<String>();
//		for(String roleName:roles){
//			List<String> perms = userService.findAuthsCodeByRoleCode(roleName);
//			permsSet.addAll(perms);
//		}
		
//		Set<String> rolesSet = new HashSet<String>(roles);
		
		SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
//		simpleAuthorizationInfo.setRoles(rolesSet);
//		simpleAuthorizationInfo.setStringPermissions(permsSet);
		Set<String> permissionSet = new HashSet<String>();
//		permissionSet.add("1001");
		permissionSet.add("1002");

		permissionSet.add("1003");

		simpleAuthorizationInfo.addStringPermissions(permissionSet);
		return simpleAuthorizationInfo;
	}

	/**
	 * 
	 * 查询并提供用户信息
	 * 参数：传递进来的用户名和密码
	 * 返回值：
	 * 如果登录成功将用户的信息封装到AuthenticationInfo中
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		//将用户名和密码进行封装的一个类
		System.out.println("------------>");
		//---------------查询数据库----------------
		//获取传递进来的用户名和密码
		UsernamePasswordToken upToken = (UsernamePasswordToken) token;
		String username = upToken.getUsername();
		String password = new String(upToken.getPassword());;
		Users user = userService.findByUsernameAndPwd(username, password);
		if (user != null){
			/**
			 * 参数1：用户名
			 * 参数2：用户密码
			 * 参数3：提供数据源的realm的名称
			 */
			SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(user, user.getPwd(), getName());

            // 当验证都通过后，把用户信息放在session里
            Session session = SecurityUtils.getSubject().getSession();
            session.setAttribute("userSession", user);
            session.setAttribute("userSessionId", user.getId());
			return authenticationInfo;
		}
		
		return null;
	}
	
	


	

}
